Around 1000 shipping vessels have been impacted by a ransomware attack, a software management company has revealed.
DNV, a Norwegian software supplier that provides services for 12,000 ships and mobile offshore units across the globe, said its ShipManager software had been hit by the attack on January 7, 2023.
Consequently, around 70 customers operating roughly 1000 vessels have been impacted. These customers “have been advised to consider relevant mitigating measures depending on the types of data they have uploaded to the system.”
DNV added that it had informed the impacted parties about their responsibility to notify the relevant data protection authorities in their countries of the incident.
However, the firm said “there are no indications that any other data or servers by DNV are affected,” and the server outage has not impacted any of its other services.
Additionally, the incident has not affected the vessels’ ability to operate. This is because they can still use the onboard, offline functionalities of the ShipManager software. Also, other systems on the impacted ships remain unaffected.
DMV has reported the attack to the Norwegian Police, which is liaising with other relevant government agencies, including the Norwegian Data Protection Authority (Datatilsynet) and the German Cyber Security Authority (BSI).
The software supplier revealed it is also working with IT security partners to investigate how the incident occurred and “ensure secure online operations as soon as possible.”
The maritime industry has been hit by a number of high-profile cyber-incidents in recent years, with the potential to cause substantial economic disruption making it a tempting target for extortion campaigns.
Many ships also contain aging technological infrastructure, making them particularly vulnerable to vectors like ransomware.
In 2020, a ransomware attack forced the temporary closure of French container shipping giant CMA CGM’s website and applications.
In 2017, Danish shipping giant Maersk was hit by the infamous NotPetya ransomware attack, causing estimated losses of up to $300m.
Commenting on the DMV incident, Dr Darren Williams, CEO and founder of Blackfog, highlighted the growing targeting of critical infrastructure organizations: “Although the strain of ransomware used in this attack is still yet to be officially declared, the first major concern that comes to mind in relation to the attack at Maritime DNV is it adds yet another critical infrastructure victim to the list.
“With a global war at play and the DNV holding a global market share of 21% of the solutions and services of any maritime vessel, suppliers such as the DNV are ideal victims for attackers due to the large-scale disruption they can potentially cause.”
Simon Chassar, CRO at Claroty, believes the increasing interconnectedness of physical and digital systems in sectors like shipping is making incidents of this nature harder to mitigate. “Unfortunately, attacks that impact the critical infrastructure industry are increasing as they add more digital transformation and connected cyber-physical systems to their networks without the right protection tools,” he outlined.
Chassar added: “The convergence of IT and OT systems, as well as the connection of industrial internet of things (IIoT) devices and industrial control systems (ICS), exposes organizations to new cyber threats and vulnerabilities which can impact their operations and availability.”